Single Sign-On (SSO) with LDAP

Overview

Single Sign-On (SSO) with LDAP allows organizations to authenticate users in Cywift using their existing LDAP directory service (such as Microsoft Active Directory or other LDAP-compliant directories).

By integrating LDAP, Cywift enables centralized identity management, reducing the need for local passwords and simplifying user authentication.

Who Can Configure LDAP SSO

Administrators only

Users with permissions to manage authentication and security settings

Prerequisites

Before configuring LDAP SSO, ensure:

  • Network connectivity from Cywift to the LDAP server is available
  • Required LDAP ports are open (e.g., 389 for LDAP or 636 for LDAPS)
  • Valid Bind DN and Bind Password with directory search permissions
  • LDAP user attributes are known (email, first name, last name)

Navigation Steps

Follow the steps below to access LDAP SSO settings:

  • Log in to the Cywift GRC Platform as an administrator.
  • Go to Settings.
  • Search for SSO.
  • Click on LDAP Settings.

You will see the LDAP Configuration screen.

LDAP Configuration

Step 1: Enable LDAP

  • Turn on the Enable LDAP toggle to activate LDAP authentication.

Step 2: Configure LDAP Connection

Enter the following connection details:

  • LDAP URL / Host – LDAP server hostname or IP address
  • LDAP Port – Default is 389 (use 636 when connecting via LDAPS)
  • Connect Timeout – Example: 600 seconds
  • Receive Timeout – Example: 300 seconds

Step 3: Configure Base DN & Search

  • Base DN – The base distinguished name used to search user entries
  • Search Filter (example):

           (&(objectClass=person)(mail={email}))

This filter ensures the correct user object is located during authentication.

Step 4: Bind Credentials

Provide LDAP credentials used for directory search:

  • Bind DN
  • Bind Password

These credentials must have permission to search the directory.

Step 5: Enable SSL (Optional but Recommended)

  • Enable Use SSL if connecting via LDAPS
  • Import or trust the LDAP server certificate if required
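
The search filter in Step 3 carries an {email} placeholder, and whatever value fills it has to be escaped per RFC 4515 so that it stays a literal match on mail. The following is an added example, not Cywift's code (this page does not describe how Cywift performs the substitution); the function names are hypothetical.

```python
# Added example, not Cywift code. How Cywift substitutes {email} is not documented
# on this page; this shows the RFC 4515 escaping any such substitution needs.

SEARCH_FILTER = "(&(objectClass=person)(mail={email}))"  # template from Step 3

# RFC 4515 section 3: characters that must appear as \XX inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape text so the directory treats it as a literal value, not filter syntax."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(email: str, template: str = SEARCH_FILTER) -> str:
    """Fill the {email} placeholder with the escaped login identifier."""
    email = email.strip()
    if not email:
        raise ValueError("empty login identifier")
    return template.replace("{email}", escape_filter_value(email))


def parse_filter(text: str, pos: int = 0):
    """Minimal parser for &, |, ! and attr=value items; returns (node, next_pos)."""
    if text[pos:pos + 1] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if text[pos:pos + 1] in ("&", "|", "!"):
        op, pos, children = text[pos], pos + 1, []
        while text[pos:pos + 1] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if text[pos:pos + 1] != ")":
            raise ValueError(f"expected ')' at offset {pos}")
        return (op, children), pos + 1
    end = text.find(")", pos)
    if end == -1 or "=" not in text[pos:end] or "(" in text[pos:end]:
        raise ValueError(f"malformed item at offset {pos}")
    attr, _, value = text[pos:end].partition("=")
    return (attr, value), end + 1


def filter_shape(text: str):
    """Parse a whole filter and reject trailing characters."""
    node, pos = parse_filter(text)
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return node
```

With the constructed address `j*(doe)@example.com`, `filter_shape(build_user_filter(...))` returns one `mail` leaf under the `&` node, while the same value substituted without escaping fails to parse.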

Test & Validation

  • Authenticate using a known LDAP user
  • Verify:
      • Login succeeds
      • User attributes are correctly captured
      • Correct Cywift account is created or linked

Troubleshooting

Connection Refused

  • Verify firewall rules
  • Check LDAP host and port

SSL Handshake Failure

  • Validate LDAP certificates
  • Confirm trust chain is correctly configured

Bind DN Authentication Failure

  • Check Bind DN credentials
  • Ensure sufficient directory privileges